---

Home Security

Security Portal: Kurt’s Closet: Postfix – the Sendmail replacement

By

“In all fairness Sendmail is a damn good MTA (Mail Transfer
Agent), Eric Allman originally wrote it with one main goal in mind:
the mail must get through. Unfortunately, when Sendmail was
originally written security wasn’t a major concern on the Internet
and it shows. Sendmail runs almost exclusively as the root user on
most systems, meaning any flaws are potentially very serious. In
addition to this Sendmail isn’t very good at handling high loads.
New mailers, such as Postfix, Zmailer, and Qmail are several times
faster then Sendmail on the same hardware. Until recently most of
the alternative mailers to Sendmail were not drop-in replacements,
to replace Sendmail was a painful task, and the new software
typically behaved differently then Sendmail. Postfix was designed
from the start to address all these problems.”

“Postfix does not run exclusively as root, instead a master
program (called “master”) runs as root and spawns off processes to
handle incoming, outgoing and local mail delivery as needed. Using
a series of modular components, each task is handled by a separate
program (which makes auditing it easier), for example outgoing
email is dumped into the queue directory by your software, where
“pickup” gets it and hands it to “cleanup”, which hands it to
“trivial-rewrite” which handles the headers, and finally is given
to “smtp” if bound for a foreign system. Postfix is also much
easier to setup for a chroot’ed environment than Sendmail is,
simply make a few edits to the master.cf file (typically in
/etc/postfix) and Postfix will run chroot’ed in its defined queue
directory (usually /var/spool/postfix). It is also possible to set
process limits for individual portions of postfix, again in the
master.cf file.”

“As stated before, replacing Sendmail with another MTA used to
be a very painful task, many mailers approached the “problems” in
Sendmail by doing things quite differently and require a pretty
extensive overhaul of the mail system, and a very different set of
configuration files. With Postfix you can use most of your existing
configuration files (such as access, aliases, virtusertable, etc.)
simply by defining them appropriately in the main.cf file. In
addition to this Postfix behaves like Sendmail, you can invoke
it using “sendmail”, get a listing of the mailq with “mailq”, feed
it pretty much the same options and so forth. I find a typical
Postfix conversion takes around 10 minutes for most
sites…


Complete Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.